want to authorise but not authenticate
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Jul 8 13:39:57 CEST 2009
Hi,
> authorize {
> if((User-Name == User-Password) && %{ldap:etc...}){
> update control {
> Auth-Type := 'NULL'
> }
> }
> else {
> // Authentication modules
> }
> }
>
>
> Auth-Type NULL {
> ok
> }
this is pretty uch what is already on the system - the trouble then is that
people can then just login by using any account so long as the password
is the same value
eg
hacker
hacker
they dont even need a valid account to actually authenticate.
what we need is for the X=Y to work for authorise and then
not give a damn about authentication - but, as said, looks like
we cannot distinguish between auth and auth (if you get what
I mean ;-) ) - if only we could send Service-Type from the device...
alan
More information about the Freeradius-Users
mailing list